Wireshark-users: [Wireshark-users] packets captured and received by filter
Hi all,
This is a tcpdump specific question, sorry that it is
not directly a wireshark question. I could not find a user's mailing
list for tcpdump. I was hoping that some overlap in the community
would be able to help.
I am capturing wireless traffic on ath0 as follows:
sudo tcpdump -s 0 -i ath0 -w /tmp/tmp.pcap
When finished, I see:
19431 packets captured
38863 packets received by filter
0 packets dropped by kernel
Why is there a gap between packets received by the filter, and captured? Can the machine not keep up with the capture?
I tried capping the amount of data captured, and it doesn't seem to help:
sudo tcpdump -s 10 -i ath0 -w /tmp/tmp.pcap
19096 packets captured
38193 packets received by filter
0 packets dropped by kernel
I'd greatly appreciate any feedback.
Thanks!
George